Options

Any reason to stay in https mode?

cabbeycabbey Registered Users Posts: 1,053 Major grins
edited October 15, 2007 in SmugMug API Support & Integrations
Once I've logged in over https and have my session id, is there any reason to really stay in https mode for future API calls? What got me thinking about this was the observation that web traffic to smugmug doesn't. So once I login my web session id, or some other unique identifier, must be getting passed along in the clear. If I can save the crypto overhead then I'm all for it.
SmugMug Sorcerer - Engineering Team Champion for Commerce, Finance, Security, and Data Support
http://wall-art.smugmug.com/

Comments

  • Options
    devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited October 14, 2007
    personally, I just do logging in over https, and do everything else using http.
    David Parry
    SmugMug API Developer
    My Photos
  • Options
    cabbeycabbey Registered Users Posts: 1,053 Major grins
    edited October 15, 2007
    Yeah, 4 more lines of code and some debug and that's how I'm doing it now too. I figure if it's safe enough for the web interface, well, then hey, it's safe enough for me.
    SmugMug Sorcerer - Engineering Team Champion for Commerce, Finance, Security, and Data Support
    http://wall-art.smugmug.com/
Sign In or Register to comment.